Fix use-after-free in mark_servers()

author Petr Menšík <pemensik@redhat.com>

Sat, 26 Nov 2022 18:49:21 +0000 (18:49 +0000)

committer Simon Kelley <simon@thekelleys.org.uk>

Sat, 26 Nov 2022 18:49:21 +0000 (18:49 +0000)
author Petr Menšík <pemensik@redhat.com>
Sat, 26 Nov 2022 18:49:21 +0000 (18:49 +0000)
committer Simon Kelley <simon@thekelleys.org.uk>
Sat, 26 Nov 2022 18:49:21 +0000 (18:49 +0000)
diff --git a/src/domain-match.c b/src/domain-match.c

index bef460a..fe8e25a 100644 (file)
--- a/src/domain-match.c
+++ b/src/domain-match.c
@@ -559,7 +559,7 @@ static int maybe_free_servers = 0;
  /* Must be called before  add_update_server() to set daemon->servers_tail */
  void mark_servers(int flag)
  {
-  struct server *serv, **up;
+  struct server *serv, *next, **up;
  
    maybe_free_servers = !!flag;
    
@@ -580,11 +580,13 @@ void mark_servers(int flag)
       1) numerous and 2) not reloaded often. We just delete 
       and recreate. */
    if (flag)
-    for (serv = daemon->local_domains, up = &daemon->local_domains; serv; serv = serv->next)
+    for (serv = daemon->local_domains, up = &daemon->local_domains; serv; serv = next)
        {
+       next = serv->next;
+
         if (serv->flags & flag)
           {
-           *up = serv->next;
+           *up = next;
             free(serv->domain);
             free(serv);
           }
author	Petr Menšík <pemensik@redhat.com>
	Sat, 26 Nov 2022 18:49:21 +0000 (18:49 +0000)
committer	Simon Kelley <simon@thekelleys.org.uk>
	Sat, 26 Nov 2022 18:49:21 +0000 (18:49 +0000)